

No commits in common. "main" and "docs" have entirely different histories.

18 changed files with 194 additions and 570 deletions


@ -1,124 +0,0 @@
local PipelineLinting = {
kind: 'pipeline',
name: 'linting',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'ansible-later',
image: 'thegeeklab/ansible-later',
commands: [
'ansible-later',
],
},
{
name: 'python-format',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq yapf',
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
],
},
{
name: 'python-flake8',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq flake8',
'flake8',
],
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
};
local PipelineDocumentation = {
kind: 'pipeline',
name: 'documentation',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'generate',
image: 'thegeeklab/ansible-doctor',
environment: {
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
},
},
{
name: 'publish',
image: 'plugins/gh-pages',
settings: {
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
netrc_machine: 'gitea.rknet.org',
username: { from_secret: 'gitea_username' },
password: { from_secret: 'gitea_token' },
pages_directory: '_docs/',
target_branch: 'docs',
},
when: {
ref: ['refs/heads/main'],
},
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
depends_on: [
'linting',
],
};
local PipelineNotification = {
kind: 'pipeline',
name: 'notification',
platform: {
os: 'linux',
arch: 'amd64',
},
clone: {
disable: true,
},
steps: [
{
name: 'matrix',
image: 'thegeeklab/drone-matrix',
settings: {
homeserver: { from_secret: 'matrix_homeserver' },
roomid: { from_secret: 'matrix_roomid' },
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
username: { from_secret: 'matrix_username' },
password: { from_secret: 'matrix_password' },
},
},
],
depends_on: [
'documentation',
],
trigger: {
status: ['success', 'failure'],
ref: ['refs/heads/main', 'refs/tags/**'],
},
};
[
PipelineLinting,
PipelineDocumentation,
PipelineNotification,
]


@ -1,120 +0,0 @@
---
kind: pipeline
name: linting
platform:
os: linux
arch: amd64
steps:
- name: ansible-later
image: thegeeklab/ansible-later
commands:
- ansible-later
- name: python-format
image: python:3.11
commands:
- pip install -qq yapf
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
environment:
PY_COLORS: 1
- name: python-flake8
image: python:3.11
commands:
- pip install -qq flake8
- flake8
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
name: documentation
platform:
os: linux
arch: amd64
steps:
- name: generate
image: thegeeklab/ansible-doctor
environment:
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
- name: publish
image: plugins/gh-pages
settings:
netrc_machine: gitea.rknet.org
pages_directory: _docs/
password:
from_secret: gitea_token
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
target_branch: docs
username:
from_secret: gitea_username
when:
ref:
- refs/heads/main
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- linting
---
kind: pipeline
name: notification
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: matrix
image: thegeeklab/drone-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
username:
from_secret: matrix_username
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- documentation
---
kind: signature
hmac: fdc8576e915a103e3a4aec7dc8bf1068e602ee975ff6d0fb5d92ee2434d9d0ce
...

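--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +0,0 @@
-# ---> Ansible
-*.retry
-filter/plugins/
-library
-# ---> Python
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-# ---> Docs
-/_docs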


@ -1,19 +0,0 @@
---
ansible:
custom_modules:
- iptables_raw
- openssl_pkcs12
- proxmox_kvm
- ucr
- corenetworks_dns
- corenetworks_token
rules:
exclude_files:
- molecule/
- "LICENSE*"
- "**/*.md"
- "**/*.ini"
exclude_filter:
- LINT0009

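--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
-OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
-OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.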


@ -1,12 +0,0 @@
# xoxys.ucs
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.ucs?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.ucs)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
Configure an [Univention Corporate Server](https://www.univention.com/products/ucs/). UCS is a server appliance with an integrated management system for the central and cross-platform administration of servers, services, clients, desktops and users as well as virtualized computers operated in UCS.
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/ucs/).
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.


@ -1,50 +0,0 @@
---
ucs_custom_tls_enabled: False
ucs_custom_tls_apache2_enabled: False
ucs_custom_tls_dovecot_enabled: False
ucs_custom_tls_postfix_enabled: False
ucs_tls_certs_dir: /etc/pki/tls/certs
ucs_tls_key_dir: /etc/pki/tls/private
ucs_tls_cert_path: /etc/pki/tls/certs/mycert.pem
ucs_tls_key_path: /etc/pki/tls/private/mykey.pem
ucs_filesystem_acl: []
# @var ucs_filesystem_acl:example: >
# ucs_filesystem_acl:
# - path: /shares/mydocuments # needs to be set
# entity: john # needs to be set
# etype: user # needs to be set
# permissions: rw # needs to be set
# state: # defaults to 'query'
# recursive: # defaults to 'no'
ucs_system_groups: []
# @var ucs_system_groups:example: >
# ucs_system_groups:
# - name: fs-mydocuments-rw # needs to be set
# description: # defaults to not set
# subpath: # defaults to not set
# ou: # defaults to not set
# state: # defaults to 'present'
ucs_repository_unmaintained_enabled: False
ucs_registry_extra: []
# @var ucs_registry_extra:example: >
# ucs_registry_extra:
# - path: timeserver
# value: "ntp.example.com"
# state: present
ucs_cronjobs: []
# @var ucs_cronjobs:example: >
# ucs_cronjobs:
# - name: backup-cleanup
# job: "find /var/univention-backup -mtime +7 -delete"
# user: root
# minute: 0
# hour: 3
# day: "*"
# weekday: "*"
# month: "*"
# state: present


@ -1,30 +0,0 @@
---
- name: Restart apache service
service:
name: apache2
state: restarted
enabled: yes
listen: __ucs_apache_restart
when: ucs_custom_tls_apache2_enabled
become: True
become_user: root
- name: Restart dovecot service
service:
name: dovecot
state: restarted
enabled: yes
listen: __ucs_dovecot_restart
when: ucs_custom_tls_dovecot_enabled
become: True
become_user: root
- name: Restart postfix service
service:
name: postfix
state: restarted
enabled: yes
listen: __ucs_postfix_restart
when: ucs_custom_tls_postfix_enabled
become: True
become_user: root

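--- a/index.md
+++ b/index.md
@@ -0,0 +1,194 @@
+---
+title: ucs
+type: docs
+---
+[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.ucs) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.ucs?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.ucs) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.ucs/src/branch/main/LICENSE)
+Configure an [Univention Corporate Server](https://www.univention.com/products/ucs/). UCS is a server appliance with an integrated management system for the central and cross-platform administration of servers, services, clients, desktops and users as well as virtualized computers operated in UCS.
+{{< hint type=important >}} This role covers only some really basic configurations and should be considered as not production ready. {{< /hint >}}
+<!--more-->
+- [Default Variables](#default-variables)
+- [ucs_cronjobs](#ucs_cronjobs)
+- [ucs_custom_tls_apache2_enabled](#ucs_custom_tls_apache2_enabled)
+- [ucs_custom_tls_dovecot_enabled](#ucs_custom_tls_dovecot_enabled)
+- [ucs_custom_tls_enabled](#ucs_custom_tls_enabled)
+- [ucs_custom_tls_postfix_enabled](#ucs_custom_tls_postfix_enabled)
+- [ucs_filesystem_acl](#ucs_filesystem_acl)
+- [ucs_registry_extra](#ucs_registry_extra)
+- [ucs_repository_unmaintained_enabled](#ucs_repository_unmaintained_enabled)
+- [ucs_system_groups](#ucs_system_groups)
+- [ucs_tls_cert_path](#ucs_tls_cert_path)
+- [ucs_tls_certs_dir](#ucs_tls_certs_dir)
+- [ucs_tls_key_dir](#ucs_tls_key_dir)
+- [ucs_tls_key_path](#ucs_tls_key_path)
+- [Discovered Tags](#discovered-tags)
+- [Dependencies](#dependencies)
+---
+## Default Variables
+### ucs_cronjobs
+#### Default value
+```YAML
+ucs_cronjobs: []
+```
+#### Example usage
+```YAML
+ucs_cronjobs:
+- name: backup-cleanup
+job: "find /var/univention-backup -mtime +7 -delete"
+user: root
+minute: 0
+hour: 3
+day: "*"
+weekday: "*"
+month: "*"
+state: present
+```
+### ucs_custom_tls_apache2_enabled
+#### Default value
+```YAML
+ucs_custom_tls_apache2_enabled: false
+```
+### ucs_custom_tls_dovecot_enabled
+#### Default value
+```YAML
+ucs_custom_tls_dovecot_enabled: false
+```
+### ucs_custom_tls_enabled
+#### Default value
+```YAML
+ucs_custom_tls_enabled: false
+```
+### ucs_custom_tls_postfix_enabled
+#### Default value
+```YAML
+ucs_custom_tls_postfix_enabled: false
+```
+### ucs_filesystem_acl
+#### Default value
+```YAML
+ucs_filesystem_acl: []
+```
+#### Example usage
+```YAML
+ucs_filesystem_acl:
+- path: /shares/mydocuments # needs to be set
+entity: john # needs to be set
+etype: user # needs to be set
+permissions: rw # needs to be set
+state: # defaults to 'query'
+recursive: # defaults to 'no'
+```
+### ucs_registry_extra
+#### Default value
+```YAML
+ucs_registry_extra: []
+```
+#### Example usage
+```YAML
+ucs_registry_extra:
+- path: timeserver
+value: "ntp.example.com"
+state: present
+```
+### ucs_repository_unmaintained_enabled
+#### Default value
+```YAML
+ucs_repository_unmaintained_enabled: false
+```
+### ucs_system_groups
+#### Default value
+```YAML
+ucs_system_groups: []
+```
+#### Example usage
+```YAML
+ucs_system_groups:
+- name: fs-mydocuments-rw # needs to be set
+description: # defaults to not set
+subpath: # defaults to not set
+ou: # defaults to not set
+state: # defaults to 'present'
+```
+### ucs_tls_cert_path
+#### Default value
+```YAML
+ucs_tls_cert_path: /etc/pki/tls/certs/mycert.pem
+```
+### ucs_tls_certs_dir
+#### Default value
+```YAML
+ucs_tls_certs_dir: /etc/pki/tls/certs
+```
+### ucs_tls_key_dir
+#### Default value
+```YAML
+ucs_tls_key_dir: /etc/pki/tls/private
+```
+### ucs_tls_key_path
+#### Default value
+```YAML
+ucs_tls_key_path: /etc/pki/tls/private/mykey.pem
+```
+## Discovered Tags
+tls_renewal
+: &nbsp;
+## Dependencies
+None.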


@ -1,36 +0,0 @@
# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
author: Robert Kaussow <mail@thegeeklab.de>
namespace: xoxys
role_name: ucs
# @meta description: >
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.ucs)
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.ucs?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.ucs)
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.ucs/src/branch/main/LICENSE)
#
# Configure an [Univention Corporate Server](https://www.univention.com/products/ucs/).
# UCS is a server appliance with an integrated management system for the central and
# cross-platform administration of servers, services, clients, desktops and users as well as
# virtualized computers operated in UCS.
#
# {{< hint type=important >}}
# This role covers only some really basic configurations and should be considered as not production ready.
# {{< /hint >}}
# @end
description: Configure an Univention Corporate Server
license: MIT
min_ansible_version: 2.10
platforms:
- name: EL
versions:
- 7
galaxy_tags:
- univention
- ucs
- domain
dependencies: []
collections:
- xoxys.general
- community.general


@ -1,12 +0,0 @@
[flake8]
ignore = D100, D101, D102, D103, D105, D107, E402, W503
max-line-length = 99
inline-quotes = double
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
[yapf]
based_on_style = google
column_limit = 99
dedent_closing_brackets = true
coalesce_brackets = true
split_before_logical_operator = true


@ -1,18 +0,0 @@
---
- name: Setup custom cronjobs
cron:
name: "{{ item.name }}"
minute: "{{ item.minute | default(0) }}"
hour: "{{ item.hour | default(3) }}"
day: "{{ item.day | default('*') }}"
weekday: "{{ item.weekday | default('*') }}"
month: "{{ item.month | default('*') }}"
user: "{{ item.user | default('root') }}"
cron_file: univention-custom
job: "{{ item.job }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_cronjobs }}"
loop_control:
label: "{{ item.name }}"
become: True
become_user: root


@ -1,15 +0,0 @@
---
- name: Set acl for shares
acl:
path: "{{ item.path }}"
entity: "{{ item.entity }}"
etype: "{{ item.etype }}"
permissions: "{{ item.permissions }}"
state: "{{ item.state | default('query') }}"
recursive: "{{ item.recursive | default('no') }}"
default: "{{ item.default | default('no') }}"
loop: "{{ ucs_filesystem_acl }}"
loop_control:
label: "{{ item.path }}"
become: True
become_user: root


@ -1,7 +0,0 @@
---
- include_tasks: registry.yml
- include_tasks: users_groups.yml
- include_tasks: filesystem.yml
- include_tasks: cron.yml
- import_tasks: tls.yml
tags: tls_renewal


@ -1,10 +0,0 @@
---
- block:
- name: Set system settings to registry
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
state: "{{ item.state | default('present') }}"
loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
become: True
become_user: root


@ -1,66 +0,0 @@
---
- block:
- name: Create tls folder structure
file:
path: "{{ item }}"
state: directory
mode: 0700
loop:
- "{{ ucs_tls_certs_dir }}"
- "{{ ucs_tls_key_dir }}"
- name: Copy certs and private key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "{{ ucs_tls_cert_path }}", dest: "{{ ucs_tls_certs_dir }}/ucs.pem", mode: '0600' }
- { src: "{{ ucs_tls_key_path }}", dest: "{{ ucs_tls_key_dir }}/ucs.pem", mode: '0750' }
loop_control:
label: "{{ item.dest }}"
notify:
- __ucs_apache_restart
- __ucs_dovecot_restart
- __ucs_postfix_restart
- name: Set apache2 ucr vars
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- { path: saml/apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: saml/apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_apache_restart
when: ucs_custom_tls_apache2_enabled
- name: Set dovecot ucr vars
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: mail/dovecot/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: mail/dovecot/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_dovecot_restart
when: ucs_custom_tls_dovecot_enabled
- name: Set postfix ucr vars
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: mail/postfix/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: mail/postfix/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_postfix_restart
when: ucs_custom_tls_postfix_enabled
become: True
become_user: root
when: ucs_custom_tls_enabled


@ -1,13 +0,0 @@
---
- name: Create system groups
udm_group:
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
subpath: "{{ item.subpath | default(omit) }}"
ou: "{{ item.ou | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_system_groups }}"
loop_control:
label: "{{ item.name }}"
become: True
become_user: root


@ -1,4 +0,0 @@
---
__usc_registry_settings:
- path: "repository/online/unmaintained"
value: "{{ 'yes' if ucs_repository_unmaintained_enabled else 'no' }}"